@metamask/transaction-pay-controller 20.1.0

Added

• Export TransactionData type from public API (#8630)

Changed

• Abort in-flight quote requests when a newer request is made for the same transaction, preventing stale responses from overwriting newer ones (#8612)
• Bump @metamask/messenger from ^1.1.1 to ^1.2.0 (#8632)
• Bump @metamask/network-controller from ^30.0.1 to ^30.1.0 (#8636)

@metamask/chomp-api-service 3.0.0

Changed

• BREAKING: update types and methods of chomp-api-service to properly reflect the API (#8635)
• Bump @metamask/messenger from ^1.1.1 to ^1.2.0 (#8632)

@metamask/money-account-upgrade-controller 1.3.0

Changed

• Bump @metamask/chomp-api-service from ^2.0.0 to ^3.0.0 (#8651)
• Bump @metamask/messenger from ^1.1.1 to ^1.2.0 (#8632)
• Bump @metamask/keyring-controller from ^25.2.0 to ^25.3.0 (#8634)
• Bump @metamask/network-controller from ^30.0.1 to ^30.1.0 (#8636)

Fixed

• Fix the associate-address step to detect the already-associated case via status: 'active'. (#8635)

@metamask/config-registry-controller 0.3.0

Changed

• Bump @metamask/keyring-controller from ^25.1.1 to ^25.3.0 (#8363, #8634)
• Bump @metamask/profile-sync-controller from ^28.0.1 to ^28.0.2 (#8325)
• Bump @metamask/controller-utils from ^11.19.0 to ^11.20.0 (#8344)
• Bump @metamask/messenger from ^1.0.0 to ^1.2.0 (#8364, #8373, #8632)
• Bump @metamask/base-controller from ^9.0.1 to ^9.1.0 (#8457)

Fixed

• ConfigRegistryApiService now accepts chains with no assets.listUrl property (#8624)

@metamask/network-controller 30.1.0

Added

• Expose missing public NetworkController methods through its messenger (#8350)
  • The following actions are now available:
    • NetworkController:enableRpcFailover
    • NetworkController:disableRpcFailover
    • NetworkController:getProviderAndBlockTracker
    • NetworkController:getNetworkClientRegistry
    • NetworkController:initializeProvider
    • NetworkController:lookupNetwork
    • NetworkController:lookupNetworkByClientId
    • NetworkController:get1559CompatibilityWithNetworkClientId
    • NetworkController:resetConnection
    • NetworkController:rollbackToPreviousProvider
    • NetworkController:loadBackup
  • Corresponding action types are available as well.
• Add getEthQuery method to NetworkController (#8350)

Changed

• Bump @metamask/controller-utils from ^11.19.0 to ^11.20.0 (#8344)
• Bump @metamask/eth-json-rpc-middleware from ^23.1.1 to ^23.1.3 (#8550, #8611)
• Bump @metamask/messenger from ^1.0.0 to ^1.2.0 (#8364, #8373, #8632)
• Bump @metamask/base-controller from ^9.0.1 to ^9.1.0 (#8457)

Deprecated

• NetworkControllerGetNetworkConfigurationByNetworkClientId type is deprecated in favor of NetworkControllerGetNetworkConfigurationByNetworkClientIdAction (#8350)
• Deprecate AbstractRpcService and RpcServiceRequestable (#8475)
  • There are no equivalents to these interfaces. If you need to take an "RPC-service-like" argument, it's best to declare which properties you're interested in rather than accepting the entire RPC service interface.

@metamask/keyring-controller 25.3.0

Added

• Expose KeyringController:exportSeedPhrase method through KeyringController messenger (#8587)
• Expose KeyringController:isUnlocked method through KeyringController messenger (#8573)
  • Returns true when the vault is unlocked, false otherwise. Mirrors state.isUnlocked and the isUnlocked() instance method, allowing consumers to check lock status via the messenger without holding a controller reference.
• Add withController action to run atomic operations on multiple keyrings (within a single transaction) (#8416)
  • This action uses a RestrictedController object that exposes addNewKeyring and removeKeyring methods to add and remove keyring during the transaction (atomic) call.
• Expose KeyringController:signTransaction method through KeyringController messenger (#8408)
• Persist vault when keyring state changes during unlock (#8415)
  • If a keyring's serialized state differs after deserialization (e.g. a migration ran, or metadata was missing), the vault is now re-persisted so the change is not lost on the next unlock.
• Added KeyringV2 support (#8390)
  • The controller now maintains a list of KeyringV2 instance in memory alongside previous Keyring instance.
  • This new keyring interface is more generic and will become the new standard to interact with keyring (creating accounts, executing logic that involves accounts like signing, etc...).
  • For now, most KeyringV2 are wrappers (read adapters) around existing Keyring instance.
• Added withKeyringV2Unsafe method and KeyringController:withKeyringV2Unsafe messenger action for lock-free read-only access to KeyringV2 adapters (#8390)
  • Mirrors withKeyringUnsafe semantics: no mutex acquired, no persistence or rollback.
  • Caller is responsible for ensuring the operation is read-only and accesses only immutable keyring data.
• Added withKeyringV2 method and KeyringController:withKeyringV2 messenger action for atomic operations using the KeyringV2 API (#8390)
  • Accepts a KeyringSelectorV2 to select keyrings by type, address, id, or filter.
  • Ships with default V2 builders for HD (HdKeyringV2) and Simple (SimpleKeyringV2) keyrings; additional builders can be registered via the keyringV2Builders constructor option.

Changed

• Bump @metamask/messenger from ^1.0.0 to ^1.2.0 (#8364, #8373, #8632)
• Bump @metamask/base-controller from ^9.0.1 to ^9.1.0 (#8457)
• Bump @metamask/eth-hd-keyring from ^13.1.1 to ^14.0.1 (#8464)
• Bump @metamask/eth-simple-keyring from ^11.1.2 to ^12.0.1 (#8464)
• Bump @metamask/keyring-api from ^21.6.0 to ^23.0.1 (#8464)
• Bump @metamask/keyring-internal-api from ^10.0.0 to ^11.0.0 (#8464, #8584)

@metamask/messenger 1.2.0

Added

• Allow overriding action handler in subclass (#8617)
  • The Messenger class now has a protected getAction method which returns the action handler for a given action name.
• Add subscribeOnce and waitUntil utility methods to Messenger (#8575)

Deprecated

• Deprecate generate-action-types CLI tool and messenger-generate-action-types binary (#8378)
  • The CLI has been extracted to @metamask/messenger-cli. Use messenger-action-types from this package instead.

Fixed

• Throw different error for missing delegated actions (#8557)

@metamask/assets-controller 6.2.1

Changed

• Bump @metamask/transaction-controller from ^64.4.0 to ^65.0.0 (#8613)
• Bump @metamask/assets-controllers from ^104.3.0 to ^105.0.0 (#8622)

@metamask/assets-controllers 105.0.0

Added

• Expose missing public CurrencyRateController methods through its messenger (#8561)
  • The following actions are now available:
    • CurrencyRateController:setCurrentCurrency
    • CurrencyRateController:updateExchangeRate
  • Corresponding action types (e.g. CurrencyRateControllerSetCurrentCurrencyAction) are available as well.

Changed

• BREAKING: Standardize names of CurrencyRateController messenger action types (#8561)
  • The GetCurrencyRateState messenger action has been renamed to CurrencyRateControllerGetStateAction to follow the convention. You will need to update imports appropriately.
  • These changes only affect the types. The action type strings themselves have not changed, so you do not need to update the list of actions you pass when initializing CurrencyRateController messenger.
• MultichainAssetsController: Restore fail-open behavior for Blockaid spam token filter (#8580)
  • Uses blacklist approach: only rejects tokens explicitly marked as malicious by Blockaid
  • When Blockaid bulk token scan API calls fail or return no results, tokens are allowed through
  • This prevents legitimate tokens from being blocked due to API outages, network issues, or missing token data
  • Malicious tokens that slip through are caught by the periodic rescan (runs daily by default)
• Bump @metamask/transaction-controller from ^64.3.0 to ^65.0.0 (#8585, #8613)

Fixed

• Fix selectAssetsBySelectedAccountGroup crashing when an account referenced in the account tree is missing from internal accounts (#8604)

@metamask/bridge-controller 71.0.0

Added

• BREAKING: Add quickBuy and dappSwap FeatureIds for external swap quote consumers (#8598)
• BREAKING: Add market_closed and quote_expired QuoteWarning (#8598)
• Add tokenSecurityTypeDestination: string | null to BridgeControllerState (default null), set via updateBridgeQuoteRequestParams and reset by resetState (#8595)

Changed

• BREAKING: Add required token_security_type_destination: string \| null to RequestParams, RequiredEventContextFromClient[InputSourceDestinationSwitched], and the context arg of updateBridgeQuoteRequestParams; emitted on every analytics event that includes token_address_destination (#8595)
• BREAKING: getRequestParams now takes a second positional argument tokenSecurityTypeDestination: string \| null (#8595)
• Bump @metamask/transaction-controller from ^64.3.0 to ^65.0.0 (#8585, #8613)
• Bump @metamask/assets-controller from ^6.1.0 to ^6.2.1 (#8590, #8622)
• Bump @metamask/assets-controllers from ^104.3.0 to ^105.0.0 (#8622)

@metamask/bridge-status-controller 71.1.0

Added

• Add optional tokenSecurityTypeDestination?: string \| null to BridgeHistoryItem, StartPollingForBridgeTxStatusArgs[Serialized], and the submitTx / submitIntent arguments; when provided, it's persisted on the history item and emitted as token_security_type_destination on post-submit analytics events (#8595)

Changed

• Bump @metamask/transaction-controller from ^64.3.0 to ^65.0.0 (#8585, #8613)
• Bump @metamask/bridge-controller from ^70.2.0 to ^71.0.0 (#8622)

@metamask/transaction-pay-controller 20.0.1

Changed

• Bump @metamask/assets-controller from ^6.2.0 to ^6.2.1 (#8622)
• Bump @metamask/assets-controllers from ^104.3.0 to ^105.0.0 (#8622)
• Bump @metamask/bridge-controller from ^70.2.0 to ^71.0.0 (#8622)
• Bump @metamask/bridge-status-controller from ^71.0.0 to ^71.1.0 (#8622)

@metamask/chomp-api-service 2.0.0

Changed

• BREAKING: Change AssociateAddressParams.timestamp type from string to number. (#8610)

@metamask/money-account-upgrade-controller 1.2.0

Changed

• Bump @metamask/chomp-api-service from ^1.0.0 to ^2.0.0 (#8618)

Fixed

• Send the CHOMP authentication timestamp as a number instead of a string in the associate-address step. (#8610)

@metamask/transaction-controller 65.0.0

Added

• Expose TransactionController:wipeTransactions method through TransactionController messenger (#8592)

Changed

• estimateGasBatch now skips the EIP-7702 path when the account's keyring does not support it, falling back to per-transaction gas estimation (#8388)
• doesAccountSupportEIP7702 now returns false instead of true when the account is not found in any keyring (#8388)
• BREAKING: Add KeyringControllerGetStateAction to AllowedActions to enable keyring-based EIP-7702 account compatibility checks in addTransactionBatch (#8388)
  • addTransactionBatch now automatically checks whether the account's keyring supports EIP-7702 before attempting the 7702 batch path, falling back to STX/sequential when unsupported
  • Clients must add KeyringController:getState to the TransactionController messenger's allowed actions

Fixed

• Fix batch transaction signing so each transaction is signed sequentially, preventing remaining hardware wallet prompts from appearing after a rejection (#8388)

@metamask/transaction-pay-controller 20.0.0

Changed

• Rename executeEnabled feature flag to gaslessEnabled (#8607)
• Bump @metamask/transaction-controller from ^64.3.0 to ^65.0.0 (#8585, #8613)
• Bump @metamask/assets-controller from ^6.1.0 to ^6.2.0 (#8590)

Fixed

• Fall back from Across to later pay strategies when Across quotes would require a first-time EIP-7702 authorization list (#8577)
• BREAKING: Fix mUSD conversion for hardware wallets on EIP-7702 chains by gating relay and Across 7702 paths on the account keyring type via KeyringController:getState (#8388)
  • The TransactionPayControllerMessenger now requires KeyringController:getState permission.

@metamask/eth-json-rpc-middleware 23.1.3

Fixed

• Allow Advanced Permissions metadata in signTypedData V4 requests (#8603)